WannaCry ransomware heavily scans these SMB ports

Published: 5/18/2017  Author: Networks Asia staff  Source: Security Asia

A major ransomware attack has affected many organizations across the world reportedly including Telefonica in Spain, the National Health Service in the UK, and FedEx in the US. The malware responsible for this attack is a ransomware variant known as “WannaCry.”

The malware scans heavily over TCP port 445 (Server Message Block/SMB) and spreads like a worm, compromising hosts, encrypting the files stored on them and then demanding a ransom payment in Bitcoin. It is important to note that this threat does not simply scan internal ranges to identify where to spread; it is also capable of spreading based on vulnerabilities it finds in other externally facing hosts across the internet.

Additionally, Talos has observed WannaCry samples making use of DOUBLEPULSAR, a persistent backdoor that is generally used to access and execute code on previously compromised systems. This allows for the installation and activation of additional software, such as malware. The backdoor is typically installed following successful exploitation of the SMB vulnerabilities addressed in Microsoft Security Bulletin MS17-010. It is associated with an offensive exploitation framework released as part of the Shadow Brokers cache, which was recently made public.

Since its release, it has been widely analyzed and studied by the security industry as well as on various underground hacking forums.

WannaCry does not appear to rely only on the ETERNALBLUE modules associated with this attack framework; it also scans accessible servers for the presence of the DOUBLEPULSAR backdoor.

In cases where it identifies a host that has been implanted with this backdoor, it simply leverages the existing backdoor functionality available and uses it to infect the system with WannaCry.

In cases where the system has not been previously compromised and implanted with DOUBLEPULSAR, the malware will use ETERNALBLUE for the initial exploitation of the SMB vulnerability. This is the cause of the worm-like activity that has been widely observed across the internet.

Organizations should ensure that devices running Windows are fully patched and deployed in accordance with best practices. Additionally, organizations should have SMB ports (139, 445) blocked from all externally accessible hosts.
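The heavy scanning over the SMB ports described above can be spotted in flow logs as one source attempting connections to many distinct hosts on ports 139/445 in a short time. The following Python is an added example, not part of the original article or of Talos's tooling; the flow record format, the threshold, the window length, the internal address ranges and the function names are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

SMB_PORTS = {139, 445}   # the ports the article says to block externally
THRESHOLD = 5            # assumed: distinct SMB peers per window that raises an alert
WINDOW = 60              # assumed: sliding window length in seconds
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records (not real traffic): "epoch src dst dport tcp_flags"
SAMPLE_FLOWS = """\
1000 10.0.0.23 10.0.0.1 445 S
1001 10.0.0.23 10.0.0.2 445 S
1002 10.0.0.23 10.0.0.3 445 S
1003 10.0.0.23 203.0.113.7 445 S
1004 10.0.0.23 198.51.100.9 445 S
1000 10.0.0.5 10.0.0.10 445 S
1040 10.0.0.5 203.0.113.80 443 S
1000 10.0.0.40 10.0.0.11 445 S
1150 10.0.0.40 10.0.0.12 445 S
1300 10.0.0.40 10.0.0.13 445 S
1450 10.0.0.40 10.0.0.14 445 S
1600 10.0.0.40 10.0.0.15 445 S
"""

def parse_flows(text):  # yields (ts, src, dst, dport, flags); skips unparseable lines
    for line in text.splitlines():
        try:
            ts, src, dst, dport, flags = line.split()
            yield int(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), flags
        except ValueError:
            continue

def find_smb_scanners(text, threshold=THRESHOLD, window=WINDOW):
    """Map each source that reaches the threshold to its peak distinct SMB peer count."""
    per_src = defaultdict(list)
    for ts, src, dst, dport, flags in parse_flows(text):
        if dport in SMB_PORTS and flags == "S":       # connection attempts only
            per_src[src].append((ts, dst))
    findings = {}
    for src, events in per_src.items():
        events.sort(key=lambda e: e[0])
        best, start = set(), 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] >= window:    # drop events older than the window
                start += 1
            best = max(best, {dst for _, dst in events[start:end + 1]}, key=len)
        if len(best) >= threshold:
            external = sum(not any(p in net for net in INTERNAL) for p in best)
            findings[str(src)] = {"peers": len(best), "external": external}
    return findings
```

A non-zero `external` count for an internal source also indicates that outbound SMB is not being blocked at the perimeter, which is the control the article recommends.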
